QzClaw

v1.0.5.post5 safe
4.0
Medium Risk

QzClaw is a **personal assistant** that runs in your own environment. It talks to you over multiple channels (DingTalk, Feishu, QQ, Discord, iMessage, etc.) and runs scheduled tasks according to your configuration. **What it can do is driven by Skills — the possibilities are open-ended.** Built-in skills include cron, PDF/Office handling, news digest, file reading, and more; you can add custom skills. All data and tasks run on your machine; no third-party hosting.

🤖 AI Analysis

Final verdict: SAFE

The package QzClaw appears to be safe for use with minimal risks identified. While there are indications of low maintainer effort and internal development, these do not suggest malicious intent.

  • No network calls or shell executions detected.
  • Minimal risk from obfuscation and credential harvesting.
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: No shell execution patterns detected, indicating no direct system command execution observed.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no risk of secret theft.
  • Metadata: The package shows some signs of low maintainer effort and potential internal development without proper documentation, but lacks clear indicators of malicious intent.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8888/**
  • Non-HTTPS external link: http://host.docker.internal:
  • Non-HTTPS external link: http://host.docker.internal:1234/v1`
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with QzClaw 
Create a personal productivity assistant called 'TaskMaster' using the Python package 'QzClaw'. TaskMaster should serve as a comprehensive tool to manage daily tasks and notifications through various communication channels such as DingTalk, Feishu, QQ, Discord, and iMessage. The application will leverage QzClaw's built-in skills like cron for scheduling tasks and custom skills for specific user-defined functionalities.

Step 1: Set up QzClaw in your development environment. Ensure you have all necessary dependencies installed and the QzClaw package is properly configured to communicate over multiple channels.

Step 2: Implement a basic task management feature where users can add, edit, delete, and view their tasks. Each task should have details such as title, description, due date, and priority level.

Step 3: Utilize the cron skill within QzClaw to schedule reminders for upcoming tasks based on their due dates. Users should receive notifications via their preferred channel when a task is approaching its deadline.

Step 4: Develop a custom skill that allows users to attach files (PDFs, Office documents) to their tasks for reference. This could involve integrating QzClaw's PDF/Office handling capabilities.

Step 5: Integrate a news digest feature into TaskMaster, allowing users to stay informed about relevant topics without leaving the app. Use QzClaw's built-in news digest skill to curate content based on user preferences.

Step 6: Enable TaskMaster to read out task summaries and news digests aloud, enhancing accessibility for users who prefer auditory information. Use QzClaw's file reading skill for this purpose.

Step 7: Test TaskMaster thoroughly across different communication channels to ensure reliability and responsiveness. Pay special attention to data privacy since all operations are performed locally without any third-party hosting.